We're sorry Aspose doesn't work properply without JavaScript enabled.

Free Support Forum - aspose.com

Digital Signature - Validation Error

Hi,

I am using Aspose 11.5 pdf version and using the following code to append digital signtature to PDF. But the signature is not being validated properly. Getting the error.

Error during signature verification.

Error encountered while validating:

Internal cryptographic library error.
Error Code: 0x2726

Please let me know how to correct it.

String dataDir = “”;
// Instantiate Document object
dataDir = “C:\Tools\Digital\”;

	String inputFile = dataDir + "test.pdf";

	String outSignedFile = dataDir + "out_PDFNEWJAVA_33589.pdf";


	// Create PdfFileSignature instance
	PdfFileSignature pdfSignSingle = new PdfFileSignature();
	// Bind the source PDF by reading contents of Stream
	pdfSignSingle.bindPdf(inputFile);
	// Sign the PDF file using PKCS1 object
	pdfSignSingle.sign(1, true, new java.awt.Rectangle(100, 100, 150, 50), new PKCS1(dataDir + "private-key.pfx", "eKqxaXOJp8"));
	// Set image for signature appearance
	//pdfSignSingle.setSignatureAppearance(dataDir + "webLinks.png");
	// Save final output
	pdfSignSingle.save(dataDir + "out_PDFNEWJAVA_33311.pdf");

@raviteja

Thanks for your inquiry.

I am afraid that you are using quite old version of the API whereas it is always recommended to use latest version because it contains more improvements. Would you please try using Aspose.PDF for Java 19.1 at your side and in case issue still persists, please share your sample PDF document along with .pfx and .png file(s). We will test the scenario in our environment and address it accordingly.

I tried using tha latest 19.1 jar as well. Still getting the same error. How to attach the files you requested? Also for PFX i am not allowed to send it as it is our company poilcy.

@raviteja

You may please zip your files in an archive and upload with your post using attach files button in post editor. In case your files are larger, you may please upload them to Dropbox or Google Drive and share the link with us.

InputSample.pdf (72.1 KB)
out_PDFNEWJAVA_33311.pdf (151.8 KB)

Please find the attached files. Please test it and let me know the correct way to do it.

@raviteja

Thanks for sharing requested files.

We have tested the scenario in our environment and observed that issue seemed related to .pfx file. Please note that all certificates which are used to sign the document should be imported in local certificate store. Furthermore, the certificate key should contain all required information of signer. It seems that the key you have shared lacks the certificate information; resulting invalid signatures.

A certificate can be imported by double clicking the .pfx file and following the wizard or in Adobe Reader, you can perform these steps by checking signature properties. We have tried using sample certificate which was already imported in our system and document was signed with valid signatures.

Please check attached screenshots where your shared certificate is not showing certificate properties when we click on the “Show Signer Certificate” button. On the other hand, the document was able to show the certificate which was signed by using our sample key. For your kind reference, all files are attached.

CertificateInfo.png (39.2 KB)
MissingCertificate.png (12.4 KB)
Verified.pdf (112.3 KB)
mykey2.zip (2.5 KB) (Password=aa)

Would you please try using a different and valid key (.pfx) file in your environment and in case you have other concerns, please feel free to let us know.

Yes, probably pfx is the issue. I tried with the sample you provided and is looking good. Only thing pending is, the location of signature. How to get it signed only at the end of the page. Not somewhere in the middle.

@raviteja

You may specify X,Y coordinates in Rectangle object in order to place signatures over PDF Page. For example, you may try following line of code to place the signatures in second column of the page:

pdfSignSingle.sign(1, true, new java.awt.Rectangle(350, 80, 150, 50), new PKCS1(dataDir + "mykey2.pfx", "aa"));

Hi,

I am looking for a signature box with a specific name for all signatures. How can i do this?

image.png (5.3 KB)

The attached is the existing one. Can i rename it our own preference?

@raviteja

Thanks for your inquiry.

The image you have shared seems like it was taken after the document was signed because we can observe the description in signature field. We request you if you can please share a sample PDF document which is your expected output. We will test the scenario in our environment and address it accordingly.

Please find the attached output and input Sample. The output signature shows Digitally Signed by CN=Affabel Adonis.
But Actually Needed - ValidSignes By TestUser or Digitally Signed By TestUser

OutputSample.pdf (68.8 KB)
sample.pdf (3.0 KB)

Code Used:

String inputFile = dataDir + “sample.pdf”;

	// Create PdfFileSignature instance
	PdfFileSignature pdfSignSingle = new PdfFileSignature();
	// Bind the source PDF by reading contents of Stream
	pdfSignSingle.bindPdf(inputFile);
	
	// Sign the PDF file using PKCS1 object
	//pdfSignSingle.sign(1, true, new java.awt.Rectangle(100, 100, 150, 50), new PKCS1(dataDir + "mykey2.pfx", "aa"));
	pdfSignSingle.sign(1, true, new java.awt.Rectangle(400, 25, 300, 25), new PKCS1(dataDir + "mykey2.pfx", "aa"));
	//pdfSignSingle.removeUsageRights();
	// Set image for signature appearance
	
	// Save final output
	pdfSignSingle.save(dataDir + "OutputSample.pdf");

Also, one more question. When i use the sample pfx file you provided, it is coming as not a trusted certificate. I understand it being an outside certificate, my organization is not recognizing it.
Even the ones created internally, i am getting the same message. So, how to make it trusted automatically. Can it be done programatically or it is all certificate creation level?

@raviteja

The output document displays this information because it is saved in the .pfx file which was generated in our system. You may use your own .pfx file with the information supposed to be displayed in the Signature Field.

You can add certificate to local Trusted Certificate Store by using the wizard presented by Adobe Reader. The information was already shared in our earlier messages. However, in case you are facing some issue while achieving that, please feel free to let us know.

I understand the information is saved in PFX. But i think all the organization certificate formats are stored in the format CN=TestName, O=Organization
So is there a way to show only TestName in the certificate. I mean the actual name given in certificate rather than showing “CN=TestName” we want only “TestName”

@raviteja

Thanks for writing back.

We have logged an investigation ticket as PDFNET-46074 in our issue tracking system to investigate the feasibility of your requirements. As soon as we have some definite updates regarding ticket resolution, we will surely inform you. Please be patient and spare us little time.

We are sorry for the inconvenience.

I understand this would take time on your end. But is there a tentative date that this can be achieved? We have a deadline coming up and i need to know whether we can meet it by then.

@raviteja

We regret to share that we cannot share any tentative date or timeline of when issue will be fixed as it has recently been logged in our issue tracking system and pending for analysis. However, we have recorded your concerns and will definitely consider them during issue investigation. As soon as we have some definite updates regarding its resolution, we will share with you. Please spare us little time.